Android is a mobile operating system (OS) first developed by a Silicon Valley company named Android Inc. A collaboration spearheaded by Google in 2007 through the Open Handset Alliance (OHA) gave Android an edge in delivering a complete software set, which includes the main OS, middleware and specific mobile applications.

2020-12-26
The Android Keystore

While full-disk and file-based encryption go a long way toward protecting the data stored on an Android device, they may not be enough for especially sensitive data such as passwords.

The problem is that the kernel can read the unencrypted contents of any file stored on the device once the user has entered their password. If an attacker is able to compromise the Linux kernel, or gain root access by some other means, they can therefore gain access to any sensitive data. Even if an attacker is not able to gain root access, if they can nonetheless compromise your app, they can gain access to your app’s data.

The solution is to directly encrypt the most sensitive data before storing it.

Getting this right is hard, though, and we strongly recommend you speak to a security expert before attempting this.